/**
 * Software License, Version 1.0
 * 
 * Copyright 2003 The Trustees of Indiana University.  All rights reserved.
 * 
 *
 *Redistribution and use in source and binary forms, with or without 
 *modification, are permitted provided that the following conditions are met:
 *
 *1) All redistributions of source code must retain the above copyright notice,
 * the list of authors in the original source code, this list of conditions and
 * the disclaimer listed in this license;
 *2) All redistributions in binary form must reproduce the above copyright 
 * notice, this list of conditions and the disclaimer listed in this license in
 * the documentation and/or other materials provided with the distribution;
 *3) Any documentation included with all redistributions must include the 
 * following acknowledgement:
 *
 *"This product includes software developed by the Community Grids Lab. For 
 * further information contact the Community Grids Lab at 
 * http://communitygrids.iu.edu/."
 *
 * Alternatively, this acknowledgement may appear in the software itself, and 
 * wherever such third-party acknowledgments normally appear.
 * 
 *4) The name Indiana University or Community Grids Lab or NaradaBrokering, 
 * shall not be used to endorse or promote products derived from this software 
 * without prior written permission from Indiana University.  For written 
 * permission, please contact the Advanced Research and Technology Institute 
 * ("ARTI") at 351 West 10th Street, Indianapolis, Indiana 46202.
 *5) Products derived from this software may not be called NaradaBrokering, 
 * nor may Indiana University or Community Grids Lab or NaradaBrokering appear
 * in their name, without prior written permission of ARTI.
 * 
 *
 * Indiana University provides no reassurances that the source code provided 
 * does not infringe the patent or any other intellectual property rights of 
 * any other entity.  Indiana University disclaims any liability to any 
 * recipient for claims brought by any other entity based on infringement of 
 * intellectual property rights or otherwise.  
 *
 *LICENSEE UNDERSTANDS THAT SOFTWARE IS PROVIDED "AS IS" FOR WHICH NO 
 *WARRANTIES AS TO CAPABILITIES OR ACCURACY ARE MADE. INDIANA UNIVERSITY GIVES
 *NO WARRANTIES AND MAKES NO REPRESENTATION THAT SOFTWARE IS FREE OF 
 *INFRINGEMENT OF THIRD PARTY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHTS. 
 *INDIANA UNIVERSITY MAKES NO WARRANTIES THAT SOFTWARE IS FREE FROM "BUGS", 
 *"VIRUSES", "TROJAN HORSES", "TRAP DOORS", "WORMS", OR OTHER HARMFUL CODE.  
 *LICENSEE ASSUMES THE ENTIRE RISK AS TO THE PERFORMANCE OF SOFTWARE AND/OR 
 *ASSOCIATED MATERIALS, AND TO THE PERFORMANCE AND VALIDITY OF INFORMATION 
 *GENERATED USING SOFTWARE.
 */
package cgl.narada.service.security.impl;

import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Hashtable;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

import cgl.narada.service.ServiceException;

/** The key management service provides a set of operations that are useful
    to enable message level encryptions.  
    
    $Date$
    $Revision$
*/

public class KeyManagementServiceImpl  {

  private Hashtable providers;

  private String moduleName = "KeyManagementServiceImpl: ";

  public KeyManagementServiceImpl() throws ServiceException {
    providers = new Hashtable();
    
    Provider cryptixCrypto = new cryptix.jce.provider.CryptixCrypto();
    try {
      Security.addProvider(cryptixCrypto);
      providers.put("CryptixCrypto", cryptixCrypto);
    } catch (SecurityException secEx) {
      throw new ServiceException(moduleName + secEx.toString());
    }
  }
  
  /** This method is called the first time we try to secure a template. */
  public SecretKey
  generateTemplateKey(int templateId, String algorithm, int keyLength,
		      java.security.cert.Certificate credentials)
    throws ServiceException {

    KeyGenerator secretKeyGenerator = null;
    SecretKey secretKey = null;

    try {
      if (algorithm.equalsIgnoreCase("AES")) {
	secretKeyGenerator = KeyGenerator.getInstance("Rijndael", 
						      "CryptixCrypto");
      } 
    
      if (algorithm.equalsIgnoreCase("DES")) {
	secretKeyGenerator = KeyGenerator.getInstance("DES", "CryptixCrypto");
      }
      
      if (secretKeyGenerator == null) {
	throw new ServiceException(moduleName + "Unknown algorithm [" +
				   algorithm + "] specified.");
      }
      
      
      secretKeyGenerator.init(keyLength, new SecureRandom());
      secretKey = (SecretKey)secretKeyGenerator.generateKey();
      
    } catch (Exception secEx) {
      throw new ServiceException(moduleName + "Security Exception => " +
				 secEx);
    }
    return secretKey;
  }
  
  
  public SecretKey generateSecretKey(String algorithm, String provider) 
    throws ServiceException {
    try {
      KeyGenerator kg = KeyGenerator.getInstance(algorithm,provider);
      int strength = 0; // strength of key
      
      // Check which algorithm is used and define key size.
      if (algorithm=="Blowfish") {
	// valid values are: starting from 40bit up to 
	// 448 in 8-bit increments
	strength=448; 
      } else if (algorithm=="CAST5") {
	// valid values are: starting from 40bit up to 128bit using 
	// 8bit steps.
	strength=128;
      } else if (algorithm=="DES") {
	strength=56;
      } else if (algorithm=="TripleDES"||algorithm=="DESede") {
	// FIXME: is that correct ? Waiting for cryptix' suppport 
	// if 3DES.
	strength=3*64; 
      }  else if (algorithm=="Rijndael") {
	strength=128; //valid values are: 128, 192, 256
      } else if (algorithm=="SKIPJACK") {
	// fixed size: 80 bits
	strength=80;
      } else if (algorithm=="Square") {
	strength=128;
      } else {
	throw new ServiceException(moduleName + "Unknown algorithm [" +
				   "algorithm specified");
      }
      
      System.out.println("Using keylength: "+strength+" bits.");
            
      // init key generator with the key size and some random data. 
      // Use SecureRandom only if use trust it. It is not a really 
      // verified PRNG, yet.
      kg.init(strength, new SecureRandom());
      
      // create a secret key from the keygenerator.
      SecretKey key = kg.generateKey();
      return key;
    } catch (Exception e) {
      throw new ServiceException(moduleName + "Error generating key " + e);
    } 
    
  }


}
